{"id":"CVE-2021-29468","details":"Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.","modified":"2026-04-10T04:32:02.497372Z","published":"2021-04-29T21:15:08.550Z","related":["GHSA-rmp3-wq55-f557"],"references":[{"type":"WEB","url":"https://lore.kernel.org/git/CA+kUOa=juEdBMVr_gyTKjz7PkPt2DZHkXQyzcQmAWCsEHC_ssw%40mail.gmail.com/T/#u"},{"type":"FIX","url":"https://cygwin.com/pipermail/cygwin-announce/2021-April/010018.html"},{"type":"FIX","url":"https://github.com/me-and/Cygwin-Git/blob/main/check-backslash-safety.patch"},{"type":"FIX","url":"https://github.com/me-and/Cygwin-Git/security/advisories/GHSA-rmp3-wq55-f557"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/me-and/cygwin-git","events":[{"introduced":"0"},{"last_affected":"25b33aab23dffcbf51f04c1f0788d81b73ca901f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.31.1-1"}]}}],"versions":["v2.12.2-1","v2.12.2-1-1","v2.12.3-1","v2.12.3-2","v2.14.0-1","v2.14.1-1","v2.14.2-1","v2.14.2-2","v2.14.2-3","v2.14.3-1","v2.15.0-1","v2.15.1-1","v2.16.1-1","v2.16.2-1","v2.17.0-1","v2.26.2-1","v2.27.0-1","v2.28.0-1","v2.29.0-1","v2.29.2-1","v2.30.0-1","v2.30.1-1","v2.30.2-1","v2.31.0-1","v2.31.1-1","v2.4.4-1","v2.4.5-1","v2.4.5-2","v2.4.5-3","v2.5.1-1","v2.5.3-1","v2.6.2-1","v2.7.0-1","v2.7.3-1","v2.7.3-2","v2.7.4-1","v2.8.0-1","v2.8.3-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29468.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}